I am trying to implement spdy protocol with Nginx 1.8.0. I've built it with spdy module.
When I check my website through spdycheck.org it is everything green and says spdy 3.1 is supported, but chrome extension in Chrome 42 doesn't show green arrow and says it is not enabled. I've also checked chrome://net-internals/#spdy and my website is not listed there.
I've got my SHA2 certificate at StartSSL.
SSL Labs gives me grade A+ with almost perfect score.
Nginx config:
server {
listen xx.xx.xx.xx:80;
server_name domain.com www.domain.com;
return 301 https://www.domain.com$request_uri;
}
server {
listen xx.xx.xx.xx:443 ssl spdy;
server_name domain.com www.domain.com;
if ($host = 'domain.com' ) {
return 301 https://www.domain.com$request_uri;
}
if ($host = 'it.domain.com' ) {
return 301 http://it.domain.com$request_uri;
}
ssl on;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Cloudflare recommended
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
# Mozilla recommended
#ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_certificate /var/nginx/ssl/site.crt;
ssl_certificate_key /var/nginx/ssl/site.key;
ssl_dhparam /var/nginx/ssl/dhparam.pem;
ssl_trusted_certificate /var/nginx/ssl/startssl_trust_chain.crt;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
add_header Strict-Transport-Security "max-age=63072000; preload";
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options nosniff;
access_log /home/virtual/domain.com/logs/access.log main;
error_log /home/virtual/domain.com/logs/error.log notice;
root /home/virtual/domain.com/subs/www;
index index.php index.html;
rewrite ^/it\.html http://it.domain.com permanent;
location ~* ^.+\.(jpg|jpeg|gif|png|js|css|ico|swf)$ {
expires 30d;
access_log off;
}
location ~ /\. {
deny all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfarm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /home/virtual/domain.com/subs/www/$fastcgi_script_name;
fastcgi_buffer_size 32k;
fastcgi_buffers 32 32k;
fastcgi_intercept_errors on;
include /var/nginx/conf/fastcgi.conf;
if ($request_uri ~* "^/index.php\??$") {
rewrite ^/.*$ http://$host? permanent;
}
}
}
Has anyone any idea why it doesn't want to work?
Thanks!